Synchronization and trust are two possible approaches to indirect integration. Synchronization is generally discouraged, and Red Hat recommends using the approach based on Active Directory (AD) trust instead. See Section 1.3, “Indirect Integration” for details.

This chapter describes how to migrate an existing synchronization-based setup to AD trust. The following migration options are available in IdM:

7.1. Migrate from Synchronization to Trust Automatically Using ipa-winsync-migrate

Important

The ipa-winsync-migrate utility is only available on systems running Red Hat Enterprise Linux 7.2 or later.

7.1.1. How Migration Using ipa-winsync-migrate Works

The ipa-winsync-migrate utility migrates all synchronized users from an AD forest, while preserving the existing configuration in the Winsync environment and transferring it into the AD trust. For each AD user created by the Winsync agreement, ipa-winsync-migrate creates an ID override in the Default Trust View (see Section 8.1, “Active Directory Default Trust View”).

After the migration completes:

The ID overrides for the AD users have the following attributes copied from the original entry in Winsync:

Login name (uid)

UID number (uidnumber)

GID number (gidnumber)

Home directory (homedirectory)

GECOS entry (gecos)

The user accounts in the AD trust keep their original configuration in IdM, which includes:

POSIX attributes

User groups

Role-based access control rules

Host-based access control rules

SELinux membership

sudo rules

The new AD users are added as members of an external IdM group.

The original Winsync replication agreement, the original synchronized user accounts, and all local copies of the user accounts are removed.
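
Because the migration removes the original synchronized accounts, it is worth capturing the five copied attributes beforehand and comparing them with the resulting ID overrides afterwards. The following is an added example, not part of the Red Hat documentation or the ipa-winsync-migrate utility; the record format (blank-line-separated "attr: value" entries), the function names and the sample data are assumptions made for illustration.

```python
# Added example. Assumed input: blank-line-separated "attr: value" records.
COPIED_ATTRS = ("uid", "uidnumber", "gidnumber", "homedirectory", "gecos")

# Constructed sample data: Winsync user entries exported before migration.
WINSYNC_BEFORE = """\
uid: adoe
uidnumber: 1120000002
gidnumber: 1120000002
homedirectory: /home/adoe
gecos: Alice Doe

uid: bkhan
uidnumber: 1120000003
gidnumber: 1120000003
homedirectory: /home/bkhan
gecos: Bilal Khan
"""

# Constructed sample data: ID overrides read from the Default Trust View afterwards.
OVERRIDES_AFTER = """\
uid: adoe
uidnumber: 1120000099
gidnumber: 1120000002
homedirectory: /home/adoe
gecos: Alice Doe
"""

def parse_records(text):
    """Parse the records into {lower-cased uid: {attr: value}}."""
    records = {}
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines() if ":" in line)
        entry = {attr.strip().lower(): value.strip() for attr, _, value in pairs}
        if "uid" in entry:
            records[entry["uid"].lower()] = entry
    return records

def audit_migration(before_text, after_text):
    """Return (login, attr, before, after) findings; an empty list means no drift."""
    before, after = parse_records(before_text), parse_records(after_text)
    findings = []
    for login, old in sorted(before.items()):
        new = after.get(login)
        if new is None:
            findings.append((login, "id-override", "expected", "missing"))
            continue
        findings += [(login, a, old.get(a), new.get(a))
                     for a in COPIED_ATTRS if old.get(a) != new.get(a)]
    return findings
```

A changed uidnumber or gidnumber is the finding to act on first, since file ownership and any rule keyed on numeric IDs would no longer match the user.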
